A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.

An account can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

The details of the account to associate with the administrator account.

The Amazon Resource Name (ARN) of the account that was associated with the administrator account.

The response's http status code.

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

The Amazon Web Services account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.

The response's http status code.

The unique identifier for the classification job.

Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run.

The schedule for running the job. Possible values are:

• ONE_TIME - The job runs only once.
• SCHEDULED - The job runs on a daily, weekly, or monthly basis. The scheduleFrequency property indicates the recurrence pattern for the job.

For a recurring job, specifies whether you configured the job to analyze all existing, eligible objects immediately after the job was created (true). If you configured the job to analyze only those objects that were created or changed after the job was created and before the job's first scheduled run, this value is false. This value is also false for a one-time job.

The unique identifier for the job.

The token that was provided to ensure the idempotency of the request to create the job.

The Amazon Resource Name (ARN) of the job.

The S3 buckets that contain the objects to analyze, and the scope of that analysis.

The date and time, in UTC and extended ISO 8601 format, when the job was created.

If the current status of the job is USER_PAUSED, specifies when the job was paused and when the job or job run will expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus is USER_PAUSED.

The sampling depth, as a percentage, that determines the percentage of eligible objects that the job analyzes.

The selection type that determines which managed data identifiers the job uses to analyze data. Possible values are:

• ALL - Use all the managed data identifiers that Amazon Macie provides.
• EXCLUDE - Use all the managed data identifiers that Macie provides except the managed data identifiers specified by the managedDataIdentifierIds property.
• INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.
• NONE - Don't use any managed data identifiers.

If this value is null, the job uses all managed data identifiers. If this value is null, ALL, or EXCLUDE for a recurring job, the job also uses new managed data identifiers as they are released.

The date and time, in UTC and extended ISO 8601 format, when the job started. If the job is a recurring job, this value indicates when the most recent run started.

An array of unique identifiers, one for each custom data identifier that the job uses to analyze data. This value is null if the job uses only managed data identifiers to analyze data.

The custom name of the job.

The number of times that the job has run and processing statistics for the job's current run.

An array of unique identifiers, one for each managed data identifier that the job is explicitly configured to include (use) or exclude (not use) when it analyzes data. Inclusion or exclusion depends on the managed data identifier selection type specified for the job (managedDataIdentifierSelector). This value is null if the job's managed data identifier selection type is ALL or the job uses only custom data identifiers (customDataIdentifierIds) to analyze data.

The current status of the job. Possible values are:

• CANCELLED - You cancelled the job or, if it's a one-time job, you paused the job and didn't resume it within 30 days.
• COMPLETE - For a one-time job, Amazon Macie finished processing the data specified for the job. This value doesn't apply to recurring jobs.
• IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to one-time jobs.
• PAUSED - Macie started running the job but additional processing would exceed the monthly sensitive data discovery quota for your account or one or more member accounts that the job analyzes data for.
• RUNNING - For a one-time job, the job is in progress. For a recurring job, a scheduled run is in progress.
• USER_PAUSED - You paused the job. If you paused the job while it had a status of RUNNING and you don't resume it within 30 days of pausing it, the job or job run will expire and be cancelled, depending on the job's type. To check the expiration date, refer to the UserPausedDetails.jobExpiresAt property.

The custom description of the job.

A map of key-value pairs that specifies which tags (keys and values) are associated with the classification job.

The recurrence pattern for running the job. This value is null if the job is configured to run only once.

The response's http status code.

The criteria to use to filter the results.

The criteria to use to sort the results.

The nextToken string that specifies which page of results to return in a paginated response.

The maximum number of items to include in each page of the response.

An array of strings, where each string is the unique identifier for a finding that meets the filter criteria specified in the request.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

The Amazon Web Services account ID for the administrator account. If the accounts are associated by a Macie membership invitation, this object also provides details about the invitation that was sent to establish the relationship between the accounts.

The response's http status code.

The nextToken string that specifies which page of results to return in a paginated response.

The maximum number of items to include in each page of a paginated response.

An array of objects, one for each delegated Amazon Macie administrator account for the organization. Only one of these accounts can have a status of ENABLED.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

The filter conditions that determine which S3 buckets to include or exclude from the query results.

The criteria to use to sort the results.

The nextToken string that specifies which page of results to return in a paginated response.

The maximum number of items to include in each page of the response. The default value is 50.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

An array of objects, one for each resource that meets the filter criteria specified in the request.

The response's http status code.

The response's http status code.

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

The criteria to use to filter findings.

The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.

We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.

A custom description of the filter. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.

The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The Amazon Resource Name (ARN) of the filter that was updated.

The unique identifier for the filter that was updated.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The response's http status code.

The nextToken string that specifies which page of results to return in a paginated response.

The maximum number of items to include in each page of a paginated response.

An array of objects, one for each filter that's associated with the account.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

Specifies the new status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to ENABLED.

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

Specifies how often to publish updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).

The response's http status code.

The inclusive time period to retrieve the data for. Valid values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days. If you don't specify a value for this parameter, Amazon Macie provides aggregated usage data for the preceding 30 days.

The inclusive time period that the usage data applies to. Possible values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days.

An array of objects that contains the results of the query. Each object contains the data for a specific usage metric.

The response's http status code.

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

A custom description of the filter. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.

A map of key-value pairs that specifies the tags to associate with the filter.

A findings filter can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

The criteria to use to filter findings.

A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.

We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.

The Amazon Resource Name (ARN) of the filter that was created.

The unique identifier for the filter that was created.

The response's http status code.

The Amazon Resource Name (ARN) of the classification job, custom data identifier, findings filter, or member account.

A map of key-value pairs that identifies the tags (keys and values) that are associated with the resource.

The response's http status code.

The nextToken string that specifies which page of results to return in a paginated response.

The maximum number of items to include in each page of a paginated response.

An array of objects, one for each invitation that was received by the account.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

The criteria to use to sort the query results.

The nextToken string that specifies which page of results to return in a paginated response.

The criteria to use to filter the query results.

The maximum number of items to include in each page of the response. The default value is 50.

An array of objects, one for each bucket that meets the filter criteria specified in the request.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

The criteria to use to filter the results.

The criteria to use to sort the results.

The nextToken string that specifies which page of results to return in a paginated response.

The maximum number of items to include in each page of the response.

An array of objects, one for each job that meets the filter criteria specified in the request.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The Amazon Resource Name (ARN) of the filter.

The criteria that's used to filter findings.

The action that's performed on findings that meet the filter criteria (findingCriteria). Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

The custom name of the filter.

The unique identifier for the filter.

The custom description of the filter.

A map of key-value pairs that identifies the tags (keys and values) that are associated with the filter.

The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

The response's http status code.

The unique identifier for the classification job.

The new status for the job. Valid values are:

• CANCELLED - Stops the job permanently and cancels it. This value is valid only if the job's current status is IDLE, PAUSED, RUNNING, or USER_PAUSED.

  If you specify this value and the job's current status is RUNNING, Amazon Macie immediately begins to stop all processing tasks for the job. You can't resume or restart a job after you cancel it.

• RUNNING - Resumes the job. This value is valid only if the job's current status is USER_PAUSED.

  If you paused the job while it was actively running and you specify this value less than 30 days after you paused the job, Macie immediately resumes processing from the point where you paused the job. Otherwise, Macie resumes the job according to the schedule and other settings for the job.

• USER_PAUSED - Pauses the job temporarily. This value is valid only if the job's current status is IDLE, PAUSED, or RUNNING. If you specify this value and the job's current status is RUNNING, Macie immediately begins to pause all processing tasks for the job.

  If you pause a one-time job and you don't resume it within 30 days, the job expires and Macie cancels the job. If you pause a recurring job when its status is RUNNING and you don't resume it within 30 days, the job run expires and Macie cancels the run. To check the expiration date, refer to the UserPausedDetails.jobExpiresAt property.

The response's http status code.

An array that lists Amazon Web Services account IDs, one for each account that sent an invitation to delete.

An array of objects, one for each account whose invitation hasn't been deleted. Each object identifies the account and explains why the request hasn't been processed for that account.

The response's http status code.

(Deprecated) The Amazon Web Services account ID for the administrator account. If the accounts are associated by a Macie membership invitation, this object also provides details about the invitation that was sent to establish the relationship between the accounts.

The response's http status code.

The location to store data classification results in, and the encryption settings to use when storing results in that location.

The location where the data classification results are stored, and the encryption settings that are used when storing results in that location.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The Amazon Resource Name (ARN) of the custom data identifier.

The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.

The regular expression (regex) that defines the pattern to match.

The custom name of the custom data identifier.

An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. Keywords aren't case sensitive.

An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. Ignore words are case sensitive.

The unique identifier for the custom data identifier.

Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.

The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Amazon Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern.

The custom description of the custom data identifier.

A map of key-value pairs that identifies the tags (keys and values) that are associated with the custom data identifier.

The response's http status code.

The inclusive time period to query usage data for. Valid values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days. If you don't specify a value, Amazon Macie provides usage data for the preceding 30 days.

The nextToken string that specifies which page of results to return in a paginated response.

An array of objects, one for each condition to use to filter the query results. If you specify more than one condition, Amazon Macie uses an AND operator to join the conditions.

The maximum number of items to include in each page of the response.

The criteria to use to sort the query results.

The inclusive time period that the usage data applies to. Possible values are: MONTH_TO_DATE, for the current calendar month to date; and, PAST_30_DAYS, for the preceding 30 days.

An array of objects that contains the results of the query. Each object contains the data for an account that meets the filter criteria specified in the request.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

An array that lists Amazon Web Services account IDs, one for each account that sent an invitation to decline.

An array of objects, one for each account whose invitation hasn't been declined. Each object identifies the account and explains why the request hasn't been processed for that account.

The response's http status code.

An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3-90 UTF-8 characters. Keywords aren't case sensitive.

An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4-90 UTF-8 characters. Ignore words are case sensitive.

The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Amazon Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1-300 characters. The default value is 50.

The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.

The sample text to inspect by using the custom data identifier. The text can contain as many as 1,000 characters.

The number of instances of sample text that matched the detection criteria specified in the custom data identifier.

The response's http status code.

Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in Personal Health Dashboard. To send an email notification to the root user of each account, set this value to true.

A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.

An array that lists Amazon Web Services account IDs, one for each account to send the invitation to.

An array of objects, one for each account whose invitation hasn't been processed. Each object identifies the account and explains why the invitation hasn't been processed for the account.

The response's http status code.

Specifies whether the maximum number of Amazon Macie member accounts are part of the Amazon Web Services organization.

Specifies whether Amazon Macie is enabled automatically for accounts that are added to the Amazon Web Services organization.

The response's http status code.

An array of custom data identifier IDs, one for each custom data identifier to retrieve information about.

An array of custom data identifier IDs, one for each custom data identifier that was specified in the request but doesn't correlate to an existing custom data identifier.

An array of objects, one for each custom data identifier that meets the criteria specified in the request.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The response's http status code.

The response's http status code.

The Amazon Web Services account ID for the account that sent the invitation.

(Deprecated) The Amazon Web Services account ID for the account that sent the invitation. This property has been replaced by the administratorAccountId property and is retained only for backward compatibility.

The unique identifier for the invitation to accept.

The response's http status code.

The nextToken string that specifies which page of results to return in a paginated response.

Specifies which accounts to include in the response, based on the status of an account's relationship with the administrator account. By default, the response includes only current member accounts. To include all accounts, set this value to false.

The maximum number of items to include in each page of a paginated response.

An array of objects, one for each account that's associated with the administrator account and meets the criteria specified by the onlyAssociated request parameter.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

Specifies a new status for the account. Valid values are: ENABLED, resume all Amazon Macie activities for the account; and, PAUSED, suspend all Macie activities for the account.

Specifies how often to publish updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).

The response's http status code.

The location where data classification results are stored, and the encryption settings that are used when storing results in that location.

The response's http status code.

The configuration settings that determine which findings are published to Security Hub.

The response's http status code.

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.

A custom name for the custom data identifier. The name can contain as many as 128 characters.

We strongly recommend that you avoid including any sensitive data in the name of a custom data identifier. Other users of your account might be able to see the identifier's name, depending on the actions that they're allowed to perform in Amazon Macie.

An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3-90 UTF-8 characters. Keywords aren't case sensitive.

An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4-90 UTF-8 characters. Ignore words are case sensitive.

The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Amazon Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1-300 characters. The default value is 50.

A custom description of the custom data identifier. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a custom data identifier. Other users of your account might be able to see the identifier's description, depending on the actions that they're allowed to perform in Amazon Macie.

A map of key-value pairs that specifies the tags to associate with the custom data identifier.

A custom data identifier can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

The unique identifier for the custom data identifier that was created.

The response's http status code.

An array that lists one or more types of findings to include in the set of sample findings. Currently, the only supported value is Policy:IAMUser/S3BucketEncryptionDisabled.

The response's http status code.

The nextToken string that specifies which page of results to return in a paginated response.

An array of objects, one for each managed data identifier.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

Specifies the new status for the account. Valid values are: ENABLED, resume all Amazon Macie activities for the account; and, PAUSED, suspend all Macie activities for the account.

The response's http status code.

The total number of invitations that were received by the account, not including the currently accepted invitation.

The response's http status code.

Specifies whether to enable Amazon Macie automatically for each account, when the account is added to the Amazon Web Services organization.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The response's http status code.

For a recurring job, specifies whether to analyze all existing, eligible objects immediately after the job is created (true). To analyze only those objects that are created or changed after you create the job and before the job's first scheduled run, set this value to false.

If you configure the job to run only once, don't specify a value for this property.

The sampling depth, as a percentage, for the job to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.

The selection type to apply when determining which managed data identifiers the job uses to analyze data. Valid values are:

• ALL - Use all the managed data identifiers that Amazon Macie provides. If you specify this value, don't specify any values for the managedDataIdentifierIds property.
• EXCLUDE - Use all the managed data identifiers that Macie provides except the managed data identifiers specified by the managedDataIdentifierIds property.
• INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.
• NONE - Don't use any managed data identifiers. If you specify this value, specify at least one custom data identifier for the job (customDataIdentifierIds) and don't specify any values for the managedDataIdentifierIds property.

If you don't specify a value for this property, the job uses all managed data identifiers. If you don't specify a value for this property or you specify ALL or EXCLUDE for a recurring job, the job also uses new managed data identifiers as they are released.

An array of unique identifiers, one for each custom data identifier for the job to use when it analyzes data. To use only managed data identifiers, don't specify a value for this property and specify a value other than NONE for the managedDataIdentifierSelector property.

An array of unique identifiers, one for each managed data identifier for the job to include (use) or exclude (not use) when it analyzes data. Inclusion or exclusion depends on the managed data identifier selection type that you specify for the job (managedDataIdentifierSelector).

To retrieve a list of valid values for this property, use the ListManagedDataIdentifiers operation.

A custom description of the job. The description can contain as many as 200 characters.

A map of key-value pairs that specifies the tags to associate with the job.

A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

The recurrence pattern for running the job. To run the job only once, don't specify a value for this property and set the value for the jobType property to ONE_TIME.

The S3 buckets that contain the objects to analyze, and the scope of that analysis.

The schedule for running the job. Valid values are:

• ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property.
• SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to define the recurrence pattern for the job.

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

A custom name for the job. The name can contain as many as 500 characters.

The unique identifier for the job.

The Amazon Resource Name (ARN) of the job.

The response's http status code.

The unique identifier for the Amazon Web Services account.

The total storage size, in bytes, of the objects that are compressed (.gz, .gzip, .zip) files in the buckets.

If versioning is enabled for any of the buckets, Amazon Macie calculates this value based on the size of the latest version of each applicable object in those buckets. This value doesn't reflect the storage size of all versions of the applicable objects in the buckets.

The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved both bucket and object metadata from Amazon S3 for the buckets.

The total storage size, in bytes, of the buckets.

If versioning is enabled for any of the buckets, Amazon Macie calculates this value based on the size of the latest version of each object in those buckets. This value doesn't reflect the storage size of all versions of the objects in the buckets.

The total number of buckets that are or aren't shared with another Amazon Web Services account.

The total number of objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format.

The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the buckets. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.

The total number of objects that Amazon Macie can't analyze in the buckets. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.

The total number of buckets.

The total number of buckets that are publicly accessible based on a combination of permissions settings for each bucket.

The total number of buckets whose bucket policies do or don't require server-side encryption of objects when objects are uploaded to the buckets.

The total number of objects in the buckets.

The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format.

If versioning is enabled for any of the buckets, Macie calculates this value based on the size of the latest version of each applicable object in those buckets. This value doesn't reflect the storage size of all versions of all applicable objects in the buckets.

The total number of buckets that use certain types of server-side encryption to encrypt new objects by default. This object also reports the total number of buckets that don't encrypt new objects by default.

The response's http status code.

The Amazon Resource Name (ARN) of the classification job, custom data identifier, findings filter, or member account.

A map of key-value pairs that specifies the tags to associate with the resource.

A resource can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

The response's http status code.

The criteria for sorting the results of the request.

An array of strings that lists the unique identifiers for the findings to retrieve.

An array of objects, one for each finding that meets the criteria specified in the request.

The response's http status code.

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

The configuration settings that determine which findings to publish to Security Hub.

The response's http status code.

The key of the tag to remove from the resource. To remove multiple tags, append the tagKeys parameter and argument for each additional tag to remove, separated by an ampersand (&).

The Amazon Resource Name (ARN) of the classification job, custom data identifier, findings filter, or member account.

The response's http status code.

The current status of the Macie account. Possible values are: PAUSED, the account is enabled but all Macie activities are suspended (paused) for the account; and, ENABLED, the account is enabled and all Macie activities are enabled for the account.

The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created.

The frequency with which Macie publishes updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).

The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the Macie account.

The Amazon Resource Name (ARN) of the service-linked role that allows Macie to monitor and analyze data in Amazon Web Services resources for the account.

The response's http status code.

The maximum number of items to include in each page of the response.

The criteria to use to filter the query results.

The criteria to use to sort the query results.

The finding property to use to group the query results. Valid values are:

• classificationDetails.jobId - The unique identifier for the classification job that produced the finding.
• resourcesAffected.s3Bucket.name - The name of the S3 bucket that the finding applies to.
• severity.description - The severity level of the finding, such as High or Medium.
• type - The type of finding, such as Policy:IAMUser/S3BucketPublic and SensitiveData:S3Object/Personal.

An array of objects, one for each group of findings that meet the filter criteria specified in the request.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The email address for the account.

The Amazon Web Services account ID for the administrator account.

The Amazon Resource Name (ARN) of the account.

The current status of the relationship between the account and the administrator account.

(Deprecated) The Amazon Web Services account ID for the administrator account. This property has been replaced by the administratorAccountId property and is retained only for backward compatibility.

The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.

The Amazon Web Services account ID for the account.

The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the relationship between the account and the administrator account.

A map of key-value pairs that identifies the tags (keys and values) that are associated with the member account in Amazon Macie.

The response's http status code.

The response's http status code.

The unique identifier for the Amazon Macie resource or account that the request applies to.

The response's http status code.

The Amazon Web Services account ID of the delegated Amazon Macie administrator account.

The response's http status code.

The nextToken string that specifies which page of results to return in a paginated response.

The maximum number of items to include in each page of the response.

An array of objects, one for each custom data identifier.

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

The response's http status code.

Specifies whether the ACL grants the general public with write access permissions for the bucket.

Specifies whether the ACL grants the general public with read access permissions for the bucket.

The email address for the account.

The Amazon Web Services account ID for the account.

The block public access settings for the Amazon Web Services account that owns the bucket.

The current status of the account as the delegated administrator of Amazon Macie for the organization.

The Amazon Web Services account ID for the account.

The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked and produced the finding.

The URL of the Amazon Web Service that provides the operation, for example: s3.amazonaws.com.

The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.

The name of the operation that was invoked most recently and produced the finding.

The unique identifier for the entity that was used to get the credentials.

The Amazon Resource Name (ARN) of the entity that was used to get the credentials.

The details of the session that was created for the credentials, including the entity that issued the session.

The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.

The Amazon Web Services access key ID that identifies the credentials.

The unique identifier for the entity that performed the action.

The unique identifier for the Amazon Web Services account.